To access the techrar API, you must authenticate every request using an API token. This token is unique to your merchant account and can be generated and managed from the techrar portal with specific permissions and expiry settings.Overview#
All API requests require authentication via an API token. The API token must be included in the Authorization header of each request, using the Bearer scheme.
Steps to Authenticate#
1. Create a techrar Account#
To use the techrar API, you must first have a registered merchant account on the techrar portal.2. Generate an API Token#
After logging in to your techrar account:Navigate to the API Tokens section in your dashboard.
Provide a descriptive name for your token (e.g., "Mobile App Integration", "Inventory Sync").
Select the permissions (scopes) your integration requires (e.g., read orders, manage products).
Optionally set an expiry date for enhanced security.
Save your API token securely. You will not be able to view it again after creation.
Note: Each API token is associated with specific permissions and can have an expiry date. Only the allowed endpoints and actions will be accessible with that token.
3. Use the API Key in Requests#
Include your API key in the Authorization header of every API request, using the Bearer scheme.
API Token Management#
API Key Permissions#
When generating an API token, you can select the permissions (scopes) it will have. For example:can_read_order – View orders
can_write_order – Create or update orders
can_read_item – View items
can_write_item – Create or update items
Token Expiry#
You can set an expiry date for your API tokens to enhance security:No Expiry: Token remains active until manually revoked
Custom Expiry: Set a specific date when the token should expire
Expired tokens will return authentication errors and need to be regenerated
Token Status#
Active: Token is valid and can be used for API requests
Inactive: Token is disabled and cannot be used (can be reactivated)
Expired: Token has passed its expiry date and cannot be used
Tip: Always use the principle of least privilege. Only grant the permissions your integration needs and set appropriate expiry dates.
Security Considerations#
Keep your API tokens secret. Never share your API token in public repositories, client-side code, or with unauthorized personnel.
Use descriptive names. Name your tokens clearly to identify their purpose (e.g., "Production Mobile App", "Development Testing").
Set expiry dates. Use token expiry for enhanced security, especially for temporary integrations.
Regenerate compromised tokens immediately. If you suspect your API token has been exposed, revoke it from the portal and generate a new one.
Use HTTPS. Always make API requests over HTTPS to protect your API token and data in transit.
Restrict permissions. Only enable the permissions your integration requires.
Monitor token usage. Regularly review your API token usage in the portal for any suspicious activity.
Manage inactive tokens. Disable or delete tokens that are no longer needed.
Error Handling#
If your API key is missing, invalid, or does not have the required permissions, you will receive an error response:{
"error": {
"code": "-101",
"messages": ["Invalid token"]
}
}
{
"error": {
"code": "-401",
"messages": ["You do not have permission to access this resource"]
}
}
Modified at 2025-11-23 09:52:10
